My name is Usman Nasir and I am the writer behind cyberpersons.com, well I created this blog to share my experiences related to Linux. My area of interests for the blog are mainly linux security, I must say that no network is 100% secured at any time, even the world best security advisors constantly learn how to improve their server security. The world most secure machine is obviously the one which is not connected to the INTERNET at all, but then whats the point, right ?

Little about my self

I am currently in the last year of my computer sciences, I’ve worked in various companies in past and present that includes

FirstHosting

9xhost

I was a technical support staff mostly solving issues related to Linux, virtualization (KVM, Xen, VMware). I will try my best through this blog to help you as much as I can to improve your linux skills 🙂

Security

Security of any linux/windows machine is really a hot topic for decades now, but how can we make sure that we are atleast secure for the most part ?

If you have services running on your machine such as (apache web server, mail server, ftp) they continuously look for the incoming requests from client and respond with the requests. Then your machine is most vulnerable. So how you can secure your machine if you are running a public service?

Squeezing the attack surface

The first thing a person do to secure their nodes are to squeeze the attack surface on their machines, block unwanted open ports, remove unwanted services, and most importantly secure your SSH server.

Firewall

The first thing that comes into mind is firewall, firewall do a fairly good job at securing your server. How ever all they do is block or unblock a certain unwanted open port on your machine. But public services such as apache needs their ports opened to function properly, so what do we do then ?

Then we need to secure and patch each and every service that listens for users requests from Internet.

IDS (Intrusion detection system)

IDS are not very easy to implement but if implemented in a right way, then can really serve well in case you get attacked frequently, Intrusion detection system monitor incoming and out going packets on your machine and with the help of some rules they make sure every thing is at the right place.

Patching your system

Always make sure that your system programs are up-to date and latest security patches are already installed for every service that runs, people usually don’t give importance to security updates but security loop holes get the attention of a hacker most of the time, so make sure your system is up-to date.